exit($var) and die($var) should be the same type of taint sink as echo #3681

Closed
TysonAndre opened this issue Jun 25, 2020 · 1 comment

Comments

@TysonAndre

For https://psalm.dev/r/3c0c87ee06

Observed: No warnings about tainted input
Expected: Should warn, because the calls to exit() will echo the passed in string (e.g. in an html response)

@psalm-github-bot

I found these snippets:

https://psalm.dev/r/3c0c87ee06
```php
<?php // --taint-analysis
// This should be treated as the same type of sink as echo
if (rand(0, 1)) {
    exit($_GET['a']);
} else {
    die($_GET['b']);
}
```

Psalm output (using commit 9837a60):

```
No issues!
```

@muglug muglug closed this as completed in 559b3d3 Jun 25, 2020
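
The sink behaviour reported in this issue, shown next to a hardened form. This is an added example, not code from the thread or from Psalm; the helper name `html_safe` and the sample request values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for a request like ?a=<script>...&code=3
$_GET['a'] = '<script>alert(1)</script>';
$_GET['code'] = '3';

/**
 * Hypothetical helper: make a request value safe to place in an HTML
 * response body. Non-string input (e.g. ?a[]=x arrives as an array)
 * is reduced to an empty string instead of raising a TypeError.
 *
 * @param mixed $raw
 */
function html_safe($raw): string
{
    if (!is_string($raw)) {
        return '';
    }
    // ENT_QUOTES also escapes single quotes; ENT_SUBSTITUTE replaces
    // invalid UTF-8 sequences instead of returning an empty string.
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable form from the issue, left commented out so the script
// reaches the hardened call below. A string argument to exit()/die()
// is written to the response verbatim, exactly like echo:
//
//     exit($_GET['a']);
//     die($_GET['a']);

// An integer argument is different: it becomes the process exit status
// and nothing is printed, so a cast removes the output sink entirely:
//
//     exit((int) $_GET['code']);

// Hardened form: escape for the HTML context before the value reaches
// the sink, the same way it would be done before echo.
exit(html_safe($_GET['a'] ?? null));
```

Both `exit` and `die` are the same language construct, so the escaping rule applies identically to either spelling.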